Examine the gap between IT & OT
If you want to build a bridge, the first thing to know is where the gap is, how wide it is, and what kind of traffic goes across it. As an “OT architect,” you also want to know where IT is separated from OT, what data is sent between the two environments, and for whom this data is relevant. Five types of data can be distinguished within the OT:
- Data that goes from IT to OT: order data or production planning data (what needs to be made when and what is needed to do so).
- Process or production data: the operator makes his/her decisions based on this information.
- Asset data: data on the status of the machines (wear etc.), especially relevant for maintenance.
- Performance data: how well did you produce? What is the cost of the products, how can it be improved? This is data that goes from OT to IT.
- Product data: data for quality staff (especially for food and pharmaceuticals because of storage requirements): Are the products safe? Do they meet the specifications? Often this data is stored in a data center for a longer period of time (>5 years).
In understanding these data streams, the value of those data streams must also be recognized. Not only the value within OT, but also the value after the transformation towards IT. Indeed, within IT, this data is valuable input for office processes.
Make a plan
To bridge the gap between IT and OT, start by creating a plan, with what was mentioned above as the main input. Three facets are important here: organization, technology and operations. I discuss them below.
The organization must be able to carry the set-up. Do you have the right OT and IT people, or maybe even a separate OT department? Are all servers and assets properly managed? Often these are provided within the OT by third parties and therefore are not included in the database for IT. Or the IT people do provide the service, but a third party does the configuration. As a result, the exact scope of maintenance and changes is not always clear. Good management is then important.
Start with the OT landscape: What systems generate what data streams? For which system is a particular data stream relevant? How does data flow across layers? For cybersecurity reasons, it is inadvisable for data to pass directly through all layers. Instead, OT data is buffered or converted on its way towards IT, and vice versa. System availability also plays a role: can production continue if there is temporarily no data from ERP or MES? All these questions come together in a user specification, high level design and IT architecture design. If this design is unified, it will also be much easier to properly integrate cybersecurity (secure by design).
After making the design and setting up the organization, it is important to manage all the assets in the right way. A good Lifecycle Management Plan, including maintenance procedures and work instructions, avoids large investment costs and makes keeping the system in top condition part of the operation. For a good Lifecycle Management Plan, it is essential to also have an up-to-date Asset Inventory. Asset Inventory is a configuration management tool that includes all configurable components within the OT landscape.
With a clear plan, you have a dot on the horizon, a good design that is fit for use. The systems as a whole meet user needs, are predictable in maintenance, and comply with cybersecurity basics.
Create a roadmap
The plan will probably also identify systems that need to be replaced. Implementing this plan all at once can be a bit radical. Besides being very costly and disruptive to production, this approach is also risky. Should the OT systems not be configured quite right, it can cost additional money and time, which in turn affects production.
Breaking the plan into pieces, using the Lifecycle Management Plan and Asset Inventory, and plotting them out over time creates a roadmap. This roadmap now forms the route to bridging IT and OT in a managed and affordable way, with acceptable risks.
Find a partner if the right expertise and experience is lacking internally
If the organization is set up to execute the roadmap itself, then there is no need to look for a partner. Yet it is more common for manufacturing companies to be primarily focused on producing products. That makes sense; after all, this is where they make their living.
If you lack the time and/or expertise to draw up the IT & OT plan and roadmap yourself, you can of course choose to hire a partner. There are plenty of companies that can help you. We are, of course, one of them. What makes us different from the others? We are vendor independent. We do not aim to sell a standard solution or software package. We are on the side of the production company, and together we make a well-founded plan and accompanying roadmap and of course help in their realization.
Want to know more about our approach to an OT & IT plan and roadmap? Please feel free to contact me.